Sony hacked again, another 1m passwords exposed

Summary: LulzSec claims to have walked off with another 1 million user accounts from Sony - this time through an easy exploit on Will Sony's security problems ever end?

LulzSecurity (LulzSec), a group of hackers that recently gained notoriety for hacking's home page with an image of NyanCat, announced Thursday that it has stolen data from Sony. It's yet another in a seemingly endless string of embarrassing security incidents for the company, but what's shocking is just how exposed the data was to begin with.

In a press release posted to their Web site, LulzSec claims to have broken into and "compromised over 1,000,000 users' personal information, including passwords, email addresses, home addresses, dates of birth, and all Sony opt-in data associated with their accounts."

The theft included 75,000 "music codes" and 3.5 million "music coupons," according to the group. LulzSec has posted segments of data they claim to have taken from Sony's server to serve as proof of their accomplishment.

There are two astonishing twists to this story - one is that LulzSec was apparently able to access the information fairly easily, using what they describe as "a very simple SQL injection, one of the most primitive and common vulnerabilities." Secondly, "every bit of data we took wasn't encrypted. Sony stored over 1,000,000 passwords of its customers in plaintext, which means it's just a matter of taking it. This is disgraceful and insecure: they were asking for it."

If true, it's devastating news for Sony, which is just getting back on its feet after shutting down access to its PlayStation Network and Sony Online Entertainment servers after hackers made off with personal information on more than 100 million user accounts.

The PlayStation Network, which controls PlayStation 3 and PlayStation Portable users' ability to connect to one another to play online games, was down for more than three weeks through the last half of April and first half of May as Sony struggled to secure the system.

And only in the past 24 hours has Sony brought back its PlayStation Store, which serves as a way for PS3 and PSP users to download games and content for their systems.

Sony hasn't even yet initiated its "Welcome Back" package for consumers affected by the PSN blackout - a collection of about $100 worth of games and content, as well as access to the company's premium "PlayStation Plus" service.

isn't directly related to the PlayStation 3 or PlayStation Network - it's Sony's consumer-facing Internet site for information on their movies, television and home entertainment offerings on Blu-Ray Disc and other formats. But Sony's many Web sites and servers have been on the receiving end of security probes and hack attacks for some time, exacerbated by the company's legal proceedings against George "Geohot" Hotz, a programmer who sought to "jailbreak" or enable the PlayStation 3 console to support Linux operating system software - a feature Sony once supported itself, but later removed in a firmware update.

Since the widely-publicized outage of the PlayStation Network, hackers have stepped up their attempts to break into Sony's systems.


  • They Just Can't Catch A Break

    Poor bastards they can't even get up and running before they're smacked down again.
    • RE: Sony hacked again, another 1m passwords exposed


      Did Sony outsource their security to Apple?
      • Are you a troll? Nothing like this ever happened to Apple's users

      • RE: Sony hacked again, another 1m passwords exposed

        @denisrs - actually yes it did. Stop spewing your Apple shaded BS.

        Please stop.
      • RE: Sony hacked again, another 1m passwords exposed

        @denisrs : I think Bookmark71 is talking either about the lack of secure development [think iTunes] or recent security blunders [think MacDefender and the useless update released].
        Gis Bun
      • RE: Sony hacked again, another 1m passwords exposed


        I think the joke was supposed to be that Apple doesn't "have" security staff.
        The one and only, Cylon Centurion
      • RE: Sony hacked again, another 1m passwords exposed

        IF this was the case there would already be dozens of reports
        vehemently denying that Sony was ever hacked.

        ergo: we can assume that Sony had better security in place.
      • Again: nothing like this ever happened to Apple's users

        @hoaxoner - actually not, it did not. Stop spewing your anti-Apple shaded BS.

        These links you provided are about a single case of compromising of a tiny number of accounts. And the way of "compromising" -- that it had anything to do with Apple's internal iTunes engine and not with users' doings/software/etc -- was never established.

        Please stop.
      • How does every Article go back to Apple vs MS

        @Everybody

        this has absolutely nothing to do with Apple or MS...
        They need to just make an Apple vs MS fanboy face off forum...

        I'd expect some 360/Wii fans to be trolling here...boy was I wrong
      • RE: Sony hacked again, another 1m passwords exposed

        @Bookmark71 LMAO :D Who knows what the two giants share? They might have given off some of their security experts to Apple.
    • RE: Sony hacked again, another 1m passwords exposed


      They deserve it. I hope all the hackers are doing this out of a sense of being enraged at the unethical and unlawful persecution of George "Geohot" Hotz.
      • RE: Sony hacked again, another 1m passwords exposed

        @josh92 As much as I agree with Sony going overboard on George, they were attempting to protect their investment in a way. Yes they did do it in the wrong way. After saying that though, the whole, it's retarded that anyone would support the hackers. I don't recall the statement "two wrongs don't make a right" ever changing. Plain and simple the hackers are doing illegal/unlawful and unethical stuff too. So if you hate Sony for doing it, why would you even support someone else who does the same thing? That just seems a bit two faced to claim to hate for one thing, and support someone else for the same thing.
      • Prosecution of George "Geohot" Hotz was NOT unlawful

        @josh92 I hope you don't code as badly as you reason.
        Sony's case against Hotz was completely legal, there are laws against what he did and Sony threatened him with legal action under them. They legally settled out of court.

        I will agree with you on the unethical nature of their attack on him. The PlayStation is a bought and owned piece of equipment, not leased. As such, the owner should have the right to do whatever he or she wants with it; otherwise, they don't really own it.
      • RE: Sony hacked again, another 1m passwords exposed

        @Sareborn... perhaps you forget about the rootkit debacle several years ago? Sony developed it and ruined millions of perfectly legal CDs and refused to admit it for years and threw the consumers under the bus. Did you forget that? The hacking is their own fault and I am one of those on the sidelines cheering them on! Sony needs to be taught a lesson.
      • RE: Sony hacked again, another 1m passwords exposed


        These hackers aren't attacking 'an evil corporation' they are attacking millions of innocent consumers.
        Doctor Demento
      • RE: Sony hacked again, another 1m passwords exposed

        I agree. Large corporations have the governments in their pockets. This appears to be the only way a consumer can fight back. I'm glad to see it.
      • Why, Sony and Hotz settled out of court in April

        One of the conditions is that Hotz would never again hack any Sony products.

        So it was hardly unethical or unlawful persecution, so if the hacking is in relation to that, these people may get Hotz in trouble for this all over again.

        Some "ethics".
        Will Pharaoh
      • RE: Sony hacked again, another 1m passwords exposed

        Why does one of Sony's customers deserve to be punished for the acts of Sony? If these hackers are mad at Sony, how about attacking Sony, rather than Sony's customers who had nothing to do with the Geohot case?